Adam Nichols

On Monday (August 27, 2018) a Local Privilege Escalation (LPE) 0-day was released which reportedly affects Windows 10 and Server 2016, at a minimum. We investigated this to understand the vulnerability, the current Proof of Concept (PoC) exploit, and wanted to write it up in terms which explain the actual risk to organizations.

Security decisions should be based on verifiable data - facts - rather than opinions. I’ve seen the trend of CISOs and many security operators being impeded by the lack of transparency into security data, jaded by product features and marketing fluff and limited by their ability to glean high quality, data-driven insights to inform decision making. This is a problem that GRIMM is working to solve.

Introduction Have you ever been trying to solve a systemic problem, like users getting infected by malware, and the only advice you get is completely impractical, such as to instruct users to not click on links or open attachments? This seems to be one of the top security recommendations lately, as if the solution was so simple. The good news is that there are some practical solutions out there for nearly every organization.

Financial technology (Fintech) has a long history of innovation, but there have been interesting changes now that Bitcoin has demonstrated the possibility of having a trustworthy system even when dealing with untrusted parties. It has taken Bitcoin quite a few years to earn the level of trust and acceptance it has today, but it serves as an existence proof that this level of trust is both technical and socially possible. This is what the altcoins and other blockchain technologies are banking on.

In our spare time, we like to hunt for bugs in various pieces of software. To help teach people this skill, we decided to write up our analysis on some of the crashes we find. The goal is to help people learn how to debug, analyze the problem, determine why it’s happening, and what the impact is. For example, is this just something which will cause the software to crash and merely cause a brief denial of service, or is this a vulnerability which can be exploited to take complete control over the computer?